Bruno Thomsen
2e0edcbabd
docker: yum: use https for postgresql rpm download.
...
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
2019-03-14 17:14:17 +01:00
Markus Opahle
ed568f569c
only use ssl if certificate is specified
...
Signed-off-by: Markus Opahle <3225748+mopahle@users.noreply.github.com>
2019-02-28 14:06:59 +01:00
walkafwalka
3a7bf6a8ac
Add SSL suport for docker install
...
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2019-02-27 10:45:34 +01:00
softwarefactory-project-zuul[bot]
889dae357b
Merge pull request #3235 from ryanpetrello/sql-profiling
...
add a custom DB backend that provides system-level SQL profiling
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-15 21:56:28 +00:00
Klaas Demter
8f36e21c97
Avoid pg password ending up in syslog/shell output
...
Currently if an error occurs the pgpassword would be exposed to syslog / shell during playbook backup.yml
2019-02-15 16:15:33 +01:00
Ryan Petrello
eed94b641e
add a custom DB backend that provides system-level SQL profiling
...
run this command on _any_ node in an awx cluster:
$ awx-manage profile_sql --threshold=2.0 --minutes=1
...and for 1 minute, the timing for _every_ SQL query in _every_ awx
Python process that uses the Django ORM will be measured
queries that run longer than (in this example) 2 seconds will be
written to a per-process sqlite database in /var/lib/awx/profile, and
the file will contain an EXPLAIN VERBOSE for the query and the full
Python stack that led to that SQL query's execution (this includes not
just WSGI requests, but background processes like the runworker and
dispatcher)
$ awx-manage profile_sql --threshold=0
...can be used to disable profiling again (if you don't want to wait for
the minute to expire)
2019-02-14 15:04:46 -05:00
softwarefactory-project-zuul[bot]
a1cef744a7
Merge pull request #3230 from impca/patch-1
...
Update compose configuration
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-14 15:45:41 +00:00
impca
9add96a0d3
update docker compose installer
...
Only run commands to update certs when config changes.
2019-02-14 08:29:47 +01:00
impca
c29275315e
Update compose configuration
...
When running awx via docker-compose and using custom certificates (for LDAP auth or whatever else...), update-ca-trust has to be called afer starting the container to actually use new certificates (just as it is called when using docker to run - https://github.com/ansible/awx/blob/devel/installer/roles/local_docker/tasks/standalone.yml#L119-L120 ).
2019-02-13 15:39:52 +01:00
Mathieu Mallet
dce3795e0c
update-ca-trust: Ensure CA trust is updated in awx_task container
...
Related #3010
Both awx_web and awx_task containers can have a volume mounted in
specified by the ca_trust_dir variable. Unfortunately only the
awx_web container's trust is updated. This patch makes sure the
awx_task container's trust is updated as well
Testing Done: ansible-playbook --syntax-check installer/install.yml
Signed-off-by: Mathieu Mallet <mmallet@digipok.io>
2019-02-06 16:51:14 +00:00
Marius Rieder
072919040b
Omit DATABASE_SSLMODE if not set.
2019-01-22 17:24:44 +01:00
Marius Rieder
589531163a
Add pg_sslmode option.
...
Allows to use PostgreSQL over SSL #709
2019-01-21 19:47:34 +01:00
Yanis Guenane
44c48d1d66
Nginx: Specify X-Frame-Options "DENY" header
...
Adding the X-Frame-Options "DENY"; header to avoid possible clickjacking
attack.
More info of the why available here:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-01-21 12:34:17 +01:00
softwarefactory-project-zuul[bot]
5f01c3f5a8
Merge pull request #2994 from coreywan/pod-limits
...
Add POD Limits
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:28:11 +00:00
softwarefactory-project-zuul[bot]
7b39198f26
Merge pull request #2995 from coreywan/postgres_helm
...
adds persistence.storageClass and limits to postgress helm install
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:24:18 +00:00
softwarefactory-project-zuul[bot]
474876872e
Merge pull request #2999 from themr0c/issue-2991
...
related #2991 - Helm creation of postgreql on multiple namespaces
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 14:28:05 +00:00
Corey Wanless
aebeeb170e
adds pod limits
...
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-16 09:23:18 -06:00
Fabrice Flore-Thebault
c434d38876
adding helm chart version for postgresql
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-16 09:40:49 +01:00
Shane McDonald
04da4503db
Python 3 / Upstream Kubernetes
2019-01-15 14:09:05 -05:00
Ryan Petrello
96b9bd6ab6
make py3 packaging work for k8s
2019-01-15 14:09:05 -05:00
Fabrice Flore-Thebault
7b32262f75
revert pg_hostname
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:59:17 +01:00
Fabrice Flore-Thebault
d69f6acf64
add helm repo update and fix helm upgrade
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:48:26 +01:00
Fabrice Flore-Thebault
ef3aab1357
related #2991 - unify postgresql_service_name
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 11:44:08 +01:00
Corey Wanless
0c074e0988
* adds persistence.storageClass and limits to postgress helm install
...
* adds new variables to the inventory
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-14 11:28:21 -06:00
softwarefactory-project-zuul[bot]
32c705a62a
Merge pull request #2996 from coreywan/setup-postgress-activation-wait
...
adds wait time for postgres setup as a variable
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-14 17:22:54 +00:00
Fabrice Flore-Thebault
d43521bb77
fix #2991 - make Helm creation of postgreql succeed when installing multiple AWX on different namespaces on same kubernetes
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-14 10:32:21 +01:00
Corey Wanless
b1710f9523
adds wait time for postgres setup as a variable
2019-01-11 22:23:43 -06:00
Ryan Petrello
4858868428
configure an HA policy for openshift/k8s installs
2018-12-14 14:08:30 -05:00
Hideki Saito
f16a72081a
Fixed issue where admin_user and password change are not reflected
...
- No effect of changing admin_user and admin_password when using docker-compose #2666
2018-11-13 18:21:18 +09:00
Idan Bidani
a213e01491
updating default Postgresql version to 9.6
2018-11-10 18:27:22 -05:00
westfood
694e494484
Using new Helm parameters for PostgreSQL access.
2018-10-28 11:55:36 +01:00
softwarefactory-project-zuul[bot]
3e4738d948
Merge pull request #2430 from dmt/devel
...
Fix installer volume definitions
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 22:12:25 +00:00
softwarefactory-project-zuul[bot]
94083f55c7
Merge pull request #2510 from Intermax-Cloudsourcing/awx-web-dockerfile-tmp
...
Empties /tmp in awx_web Dockerfile
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:59:42 +00:00
Daniel Temme
6ecd18b2e2
make volume concatenation work
...
The second list gets interpreted as part of the else block, effectively
dropping it. Separating both list definitions with braces seems to work.
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:54:10 -04:00
Daniel Temme
4e9c705997
Partial revert for "Bugfix for ca_trust_dir"
...
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:53:12 -04:00
softwarefactory-project-zuul[bot]
1803a76a4d
Merge pull request #2485 from wwt/fix-tiller-namespace
...
Pass tiller namespace down to helm task
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:40:08 +00:00
softwarefactory-project-zuul[bot]
86ca1875f1
Merge pull request #2486 from wwt/remove-rabbit-cluster-name
...
Remove .cluster.local from service name for rabbitmq
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:37:54 +00:00
wilmardo
bf5c259d92
Empties /tmp in web Dockerfile
2018-10-25 17:12:26 -04:00
Igor Vuk
c133b35162
Update variable names for local Docker daemon installation
...
Signed-off-by: Igor Vuk <parcijala@gmail.com>
2018-10-25 12:47:25 -04:00
David Moreau Simard
1dd44df471
Let users disable create_preload_data if it isn't necessary
...
The demo things might not be desirable in a production environment.
2018-10-24 11:36:33 -04:00
James Evans
88819ada6b
Remove .cluster.local from service name for rabbitmq
...
FQDNs are not required for service discovery, and having the FQDN in the
name prevents the discovery from working in clusters not named
cluster.local.
2018-10-18 14:00:05 -05:00
James Evans
4198227116
Pass tiller namespace down to helm task
2018-10-18 09:34:13 -05:00
Ilkka Tengvall
42a0192425
Merge branch 'devel' into ikke-t-selinux-fix
2018-10-17 21:44:48 +03:00
softwarefactory-project-zuul[bot]
0a964b2bf6
Merge pull request #2266 from ansible/celery-tastes-bad
...
replace the celery-based task queue with a kombu-based implementation
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-12 18:40:54 +00:00
Daniel Temme
921231fe3d
fix indentation for register variable
2018-10-12 11:13:42 +02:00
softwarefactory-project-zuul[bot]
6721ea54e9
Merge pull request #1956 from droopy4096/devel
...
allow nginx config extension
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 22:38:36 +00:00
softwarefactory-project-zuul[bot]
99a42e91fe
Merge pull request #2235 from ChrisRo89/devel
...
Extracted more variables which a related to rabbitmq/postgresql from tasks to defaults
Reviewed-by: Shane McDonald <me@shanemcd.com>
https://github.com/shanemcd
2018-10-11 21:54:38 +00:00
softwarefactory-project-zuul[bot]
9a580ba644
Merge pull request #2416 from fantashley/fix-openshift-auth
...
Fix openshift auth broken by undefined vars
Reviewed-by: Ashley Nelson <fantashley@gmail.com>
https://github.com/fantashley
2018-10-11 21:51:20 +00:00
softwarefactory-project-zuul[bot]
74fcdabc22
Merge pull request #2156 from Decstasy/patch-1
...
Bugfix for ca_trust_dir
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 21:31:45 +00:00
Ashley Nelson
9bec7cf3b0
Fix openshift auth broken by undefined vars
...
Signed-off-by: Ashley Nelson <fantashley@gmail.com>
2018-10-11 16:25:55 -05:00